From 598331da940ec85e676e01f857a3fe4fcec416ed Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Wed, 27 Nov 2024 15:07:35 +0100
Subject: [PATCH] notarize app in release
---
 .github/workflows/build-mac.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build-mac.yml b/.github/workflows/build-mac.yml
index f918509..71b148d 100644
--- a/.github/workflows/build-mac.yml
+++ b/.github/workflows/build-mac.yml
@@ -162,15 +162,15 @@ jobs:
 working-directory: target
 # ditto must be used, see https://developer.apple.com/documentation/xcode/packaging-mac-software-for-distribution#Build-a-zip-archive
 - name: Zip binary for notarization
- if: inputs.notarize
+ if: (startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize
 run: ditto -c -k --keepParent ./target/cryptomator-cli.app ./${{ matrix.artifact-name}}
 - name: Setup Xcode
- if: inputs.notarize
+ if: (startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize
 run: sudo xcode-select -s ${{ matrix.xcode-path}}
 shell: bash
 #would like to uses cocoalibs/xcode-notarization-action@v1, but blocked due to https://github.com/cocoalibs/xcode-notarization-action/issues/1
 - name: Prepare Notarization Credentials
- if: inputs.notarize
+ if: (startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize
 run: |
 # create temporary keychain
 KEYCHAIN_PATH=$RUNNER_TEMP/notarization.keychain-db
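Review bot: The release gate `(startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize` is now pasted verbatim into five steps (Zip, Setup Xcode and Prepare Notarization Credentials here, Notarize and Staple in the next hunk), so a later edit that misses one copy can leave a release submitted but not stapled, or run the credential step while the others are skipped. Evaluating it once at job level keeps the steps in lockstep: a job-level `env:` entry `NOTARIZE: ${{ (startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize }}` and `if: env.NOTARIZE == 'true'` on each step. The test also keys on `github.event.action` alone; adding `github.event_name == 'release'` would state the intended trigger explicitly, though whether any other event with a `published` action can reach this job depends on the `on:` block, which is outside the hunk.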
@@ -182,13 +182,13 @@ jobs:
 xcrun notarytool store-credentials "notary" --apple-id "${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}" --password "${{ secrets.MACOS_NOTARIZATION_PW }}" --team-id "${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}" --keychain "${KEYCHAIN_PATH}"
 shell: bash
 - name: Notarize
- if: inputs.notarize
+ if: (startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize
 run: |
 KEYCHAIN_PATH=$RUNNER_TEMP/notarization.keychain-db
 xcrun notarytool submit ${{ matrix.artifact-name }} --keychain-profile "notary" --keychain "${KEYCHAIN_PATH}" --wait
 shell: bash
 - name: Staple
- if: inputs.notarize
+ if: (startsWith(github.ref, 'refs/tags/') && github.event.action == 'published') || inputs.notarize
 run: xcrun stapler staple ./target/cryptomator-cli.app
 shell: bash
 - name: Cleanup
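Review bot: The `store-credentials` line at the top of this hunk interpolates `${{ secrets.MACOS_NOTARIZATION_PW }}` and the other two secrets straight into the script text, and with the widened `if:` that step now runs on every published release rather than only when `inputs.notarize` is set. The values are substituted before bash parses the line, so a `"`, `$` or backtick in the password would be interpreted by the shell instead of being passed through. Mapping them through the step's `env:` (for example `NOTARIZATION_PW: ${{ secrets.MACOS_NOTARIZATION_PW }}`) and passing `--password "$NOTARIZATION_PW"` avoids that. The credentials step begins in the previous hunk and its middle lines are not shown; the Cleanup step that starts on the last line is also cut off, so it is worth confirming it runs under `if: always()` so the temporary keychain is removed when Notarize fails.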